9c19964264cfcf7e38da598d9536df0bdec90b29ac1ea4300f5804b1102bf9b7 | Triage

Sharing

General

Target

ce_build.exe
Size

17.1MB
Sample

240427-hsydtsdd87
MD5

b472206ec5e5e4b959d0f18998a37d44
SHA1

4e01afcea4134aca4f13baa5752f61b56c435a16
SHA256

9c19964264cfcf7e38da598d9536df0bdec90b29ac1ea4300f5804b1102bf9b7
SHA512

13ad92ef10b77c9b768f73d44b3d4d20da68bcc3820210923a972997f43bd3d2588002511a60af321d8ce139ec7aa82aec030c5790b7c2174f3c9df082a0a773
SSDEEP

393216:2EGbM6UZbcjyu6LMvkEJ+NqwfnTqCJrsMZgTdeN4+Rs/:25bdUZoj5BJwVfTqC9sMqT0hs/

Score

8^/10

evasion spyware stealer

Malware Config

Targets

- Target
  
  ce_build.exe
- Size
  
  17.1MB
- MD5
  
  b472206ec5e5e4b959d0f18998a37d44
- SHA1
  
  4e01afcea4134aca4f13baa5752f61b56c435a16
- SHA256
  
  9c19964264cfcf7e38da598d9536df0bdec90b29ac1ea4300f5804b1102bf9b7
- SHA512
  
  13ad92ef10b77c9b768f73d44b3d4d20da68bcc3820210923a972997f43bd3d2588002511a60af321d8ce139ec7aa82aec030c5790b7c2174f3c9df082a0a773
- SSDEEP
  
  393216:2EGbM6UZbcjyu6LMvkEJ+NqwfnTqCJrsMZgTdeN4+Rs/:25bdUZoj5BJwVfTqC9sMqT0hs/
Score

8^/10

evasion spyware stealer
- Looks for VMWare Tools registry key
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionspywarestealer